CyberSecurity Updates

28 May

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Information, Insights

Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware. Some of the core developers and sellers of…

Read More
27 May

New Guidance for SIEM and SOAR Implementation

Attacks, Insights, Malware

Today, CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international and U.S. partners, released new guidance for organizations seeking to procure Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. This guidance includes the following three resources: Implementing SIEM and SOAR Platforms – Executive Guidance outlines how executives can enhance their organization’s cybersecurity framework by implementing these technologies to improve visibility into…

Read More
25 May

Danabot under the microscope

Information

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure 23 May 2025 As US authorities, along with Europol and Eurojust, have announced a global disruption operation of Danabot, ESET researchers have released their deep-dive analysis of this sprawling malware-as-a-service (MaaS) operation that according to US authorities compromised more than 300,000 computers around the world and caused at least US$50…

Read More
24 May

Lumma Stealer: Down for the count

Information

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies 22 May 2025 A global disruption operation has dealt a significant blow to Lumma Stealer, one of the most prolific malware-as-a-service (MaaS) operations. The disruption effort, led by Microsoft and involving technical analysis by ESET researchers, targeted the infostealer’s infrastructure, including all known C&C servers from the past year, and…

Read More
24 May

Danabot: Analyzing a fallen empire

Information

As announced by the US Department of Justice – the FBI and US DoD’s Defense Criminal Investigative Service (DCIS) have managed to disrupt the infrastructure of the notorious infostealer, Danabot. ESET is one of the many cybersecurity companies to participate in this long-term endeavor, becoming involved back in 2018. Our contribution included providing technical analyses of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. The joint takedown effort also led…

Read More
23 May

ESET takes part in global operation to disrupt Lumma Stealer

Information

ESET has collaborated with Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry in a global disruption operation against Lumma Stealer, an infamous malware-as-a-service (MaaS) infostealer. The operation targeted Lumma Stealer infrastructure with all known C&C servers in the past year, rendering the exfiltration network, or a large part of it, nonoperational. Key points of this blogpost: ESET took part in a coordinated global operation to disrupt Lumma Stealer. ESET provided technical analysis and statistical information,…

Read More
22 May

Oops: DanaBot Malware Devs Infected Their Own PCs

Information, Insights

The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware. DanaBot’s features, as promoted on its support site. Image: welivesecurity.com. Initially spotted…

Read More
22 May

Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines

Insights

What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems…

Read More
22 May

New Best Practices Guide for Securing AI Data Released

Attacks, Insights, Malware

Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.  This information sheet highlights the critical role of data security in ensuring the accuracy, integrity, and trustworthiness of AI outcomes. It outlines key risks that may arise from data security and integrity issues across all phases of the AI…

Read More
22 May

Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)

Attacks, Insights, Malware

Commvault is monitoring cyber threat activity targeting their applications hosted in their Microsoft Azure cloud environment. Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure. This provided the threat actors with unauthorized access to Commvault’s customers’ M365 environments that have application secrets stored by Commvault. See the following resource for more information: Notice: Security Advisory (Update). CISA believes the threat activity may be part of…

Read More